Bugtraq mailing list archives

Re: Non-PK encryption not vulnerable via low key length?!

From: softtest () wu1 wl aecl ca (Software Test Account)
Date: Thu, 16 Mar 1995 22:36:41 -0600 (CST)


On Thu, 16 Mar 1995, That Whispering Wolf... wrote:

Correct me if I am wrong - RC2 and RC4 are not public key cyrptosystems,
and hence are not "prone" to the problems with low moduli.


   You are wrong.

   If the key is only 128-bit, that's a much smaller keyspace to 
brute-force attack than a 1024-bit key.

   (do the math)


You add a qualifier here -- "brute force attack" -- that makes your statement
technichally correct, but misleading.

You generally see keyspaces of 1024 bits (etc) in public key cryptosystems
(RSA/PGP). You see 128-bit keysizes on traditional cryptosystems, like RC2,
RC4, IDEA (the -real- encryption in PGP), etc.

The problem here is that the best way to break a public-key cryptosystem
is _not_ by brute force. RSA gets it's strength from the fact that it's very
hard to factor a large number (1024 bits, for example) made up of two
multiplied large primes, into it's individual primes. To break RSA, you
'simply' have to factor the key, which is orders of magnitude faster than
a brute force attack on the system.

Large key sizes are required for public-key cryptosystems, because HUGE
advances are being made in number factoring. 1024-bit keys are still out
of reach, but for how long?

In the case of RC2 and RC4, the best (known -- Important word here) attack
is a brute force attack on the key -- something that is, for the moment,
prohibative.  Giveen huge advances in current technology, it'd still
take YEARS to crack -one- key.


RC2 and RC4 are both public key systems -- then why wouldn't factoring 
the key prove equally as (greatly more) effective as with attacks on 
RSA/PGP. 
         __pardon_my_misunderstanding__but__?

Anyhow, bottom line is that saying "RSA with a 1024 bit key is more secure
than RC4 with a 128 bit key" is a bit silly -- You're comparing apples to 
oranges. Nobody's going to brute-force attack RSA, since there are much better
ways to crack the system.

                                                                      -WW


Erik
     ____       _____    _______   __     Erik Lindquist  
    / _  |     / ___/   / _____/  /  /    Systems Administrator 
   / /_| |    / /__    / /       /  /     AECL Whiteshell Laboratories
  /  __  |   / ___/   / /       /  /      VOICE: (204) 753-2311x3145  
 / /   | |  / /____  / /_____  /  /_____  FAX:   (204) 753-2455 
/_/    |_| /______/ /_______/ /________/  E-mail: lindquie () wu1 wl aecl ca

Current thread:

Re: Lotus Notes Encryption Methods Dr. Frederick B. Cohen (Mar 14)
- Re: Lotus Notes Encryption Methods Perry E. Metzger (Mar 14)
- Re: Lotus Notes Encryption Methods Vishy Gopalakrishnan (Mar 14)
  - Non-PK encryption not vulnerable via low key length?! Jonathan Cooper (Mar 15)
    - Re: Non-PK encryption not vulnerable via low key length?! Mark G. Scheuern (Mar 15)
    - Re: Non-PK encryption not vulnerable via low key length?! That Whispering Wolf... (Mar 16)
    - Re: Non-PK encryption not vulnerable via low key length?! Software Test Account (Mar 16)
    - Re: Non-PK encryption not vulnerable via low key length?! Adam Shostack (Mar 17)
    - Re: Non-PK encryption not vulnerable via low key length?! Allan Sutton (Mar 17)
    - Problems with wuftpd - password logging(?) DaVe McComb (Mar 16)
- Re: Lotus Notes Encryption Methods Software Test Account (Mar 16)
  - Re: Lotus Notes Encryption Methods David Miller (Mar 17)
- <Possible follow-ups>
- Re: Lotus Notes Encryption Methods Paul C Leyland (Mar 17)
- Re: Lotus Notes Encryption Methods William McVey (Mar 17)